Clayton Rule Documentation
Learn everything about our rules, and how to leverage them to drive absolute quality in your development team.
Clayton Rules - Common Weakness Enumeration mapping
Clayton Rules - Use native ZIP functions over Zippex
Clayton Rules - Hardcoded secret
Clayton Rules - Passwords set programmatically
Clayton Rules - Avoid Using HTTP Referer Headers
Clayton Rules - Email spamming risk
Insecure sharing to external users
Clayton Rules - Server-side Payload Injection
Clayton Rules - User Registration Without Limits
Clayton Rules - LWC Clickjacking on CSS
Clayton Rules - Import of sensitive fields in Lightning Web Components (LWC)
Clayton Rules - Direct DOM manipulation in Lightning Web Components (LWC)
Clayton Rules - Sensitive information storage
Sensitive information logging
Clayton Rules - Excessive data access permissions
Subresource integrity
Content Security Policy (CSP)
Insecure endpoints
Named credentials
Randomization of cryptographic keys
Use of Session storage and Local storage
Use of Session ID in Visualforce
Missing access restrictions in flows
Multiple automation on the same object
Multiple record-triggered flows on the same object
Call to blocklisted method
Missing fault path in Flows
Identify methods with global visibility
Asynchronous methods in loops
Boundaries on SOQL statements
Bulkification of triggers
Business logic in triggers
Metadata API recency
Multiple triggers per object
Number of arguments per method
Number of methods per class
Send email in loops
Inefficient Calls to Schema.getGlobalDescribe
Use of spaces in attribute class selectors
Clayton Rules - Naming conventions on Aura Controller Property
Clayton Rules - Naming conventions on Apex inner classes
Clayton Rules - Naming conventions on Apex triggers
Naming conventions for Apex variables
Naming conventions on Apex methods
Naming conventions on sObjects
Clayton Rules - Naming conventions on sObjects fields
Clayton Rules - Inactive flows and processes
Clayton Rules - Inactive validation rules
Clayton Rules - Objects with an excessive number of custom fields
Clayton Rules - High complex flows and processes
Clayton Rules - High complex Apex methods
Clayton Rules - High complex Apex files
Clayton Rules - Use of outdated API version for ICU locale
Clayton Rules - Retirement of AccountInsights and OpportunityInsights Settings
Retirement of Streaming API versions
Deprecated methods in URL Class
Deprecated SiteSetting
Changed behaviour on Type.forName
Retirement of Salesforce Functions
Clayton Rules - JsonAccess Annotation
Clayton Rules - Use of deprecated list view resources
Clayton Rules - Use of Retired Workflows and Process Builders
Clayton Missed opportunity: Static SOQL for Data Cloud DMOs
Clayton Rules - Untested Flows
Clayton Missed opportunity: defaultValue and placeholderText modifiers
Clayton Rules - Use of JavaScript in WebLinks
Clayton Rules - Breaking Change in LWC host access
Clayton Rules - Breaking change in LWC import and export statements
Clayton Rules - Breaking change in LWC style access
Clayton Missed opportunity: Null Coalescing Operator